The ShinyHunters cybercrime group has come to attention after Google asked 2.5 billion users globally to review their security following a data breach through Salesforce, a customer management platform.
Unlike data breaches in which hackers break directly into databases holding valuable information, ShinyHunters and several other groups have largely been targeting large corporations through voice-based social engineering (also known as "vishing").
Social engineering is when a person is deceived or manipulated into providing information or taking actions they normally would not take.
In this case, to access protected systems, a criminal poses as a member of the company's IT helpdesk and persuades an employee to share passwords or multi-factor authentication codes. Although vishing is not a new tactic, the use of deepfakes and artificial intelligence to clone voices makes this type of social engineering more difficult to identify.
Just this year, companies such as Qantas, Pandora, Adidas, Chanel, Tiffany & Co. and Cisco have all been targeted using similar tactics, affecting millions of users.
Who, or what, is ShinyHunters?
ShinyHunters first appeared in 2020 and claims to have successfully attacked 91 victims so far. The group is primarily after money, but it has also wanted to cause damage to its victims.
In 2021, ShinyHunters announced that it had data stolen from 73 million AT&T customers.
ShinyHunters has previously targeted companies through vulnerabilities in cloud applications and website databases. By targeting customer management providers such as Salesforce, cybercriminals can reach multiple customers in a single attack.
The use of social engineering techniques is a relatively new tactic for ShinyHunters. This change in approach is attributed to its links with other similar groups.

In mid-August, ShinyHunters posted on Telegram that it had been collaborating with the known threat actors Scattered Spider and Lapsus$ to target companies such as Salesforce and Allianz Life. The channel was taken down by Telegram within several days. The group publicly released Allianz Life's Salesforce data, which included 2.8 million data records for customers and company partners.
Scattered Lapsus$ Hunters, a newly re-formed group, has recently advertised that it has begun offering ransomware as a service. This means it carries out ransomware attacks on behalf of other groups that are willing to pay.
The group claims its service is better than those offered by other cybercrime groups such as LockBit and DragonForce. Instead of negotiating directly with victims, the group publishes public extortion messages.
About the author
Jennifer Madbari is a lecturer in Information and Security at Edith Cowan University.
This article is published under a Creative Commons license. Read the original article.
Who are all these cyber criminals?
There is probably a significant overlap of membership between ShinyHunters, Scattered Spider and Lapsus$. All of these groups are international, with members operating on the dark web from different parts of the world.
Adding to the confusion, each group is known by different names. For example, Scattered Spider is also known as UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm-0875 and Muddled Libra.
How can we protect ourselves from evil?
As everyday users and customers of large technology companies, there is little we can do in the face of organized cybercrime groups. Keeping yourself safe from fraud means staying constantly alert.
Social engineering tactics can be very effective because they prey on human emotions and the desire to trust and help.
But companies can also be proactive in reducing the risk of being targeted by vishing tactics.
Organizations can build awareness of these tactics and include scenario-based exercises in employee training programs. They can also use additional verification methods, such as on-camera checks where an employee shows a company badge or government-issued ID, or asking questions that cannot easily be answered with information available online.
Finally, organizations can reinforce security using authentication apps that require phishing-resistant multi-factor authentication, such as number matching or geo-verification. Number matching requires the person to enter the number from the identity platform into the authenticator app to approve the authentication request. Geo-verification uses a person's physical location as an additional authentication factor.
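
The sketch below is an added example, not code from the article or from any identity vendor: it shows how a sign-in service could combine number matching with a location check, so that an approval only succeeds from a phone that can see the sign-in screen and is near it. The class name, the 60-second lifetime, the three-attempt limit, the 100 km radius and the coordinates are all assumptions chosen for illustration.

```python
import hmac, math, secrets, time

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

class SignInChallenge:
    """One pending sign-in awaiting approval (hypothetical class, assumed limits)."""

    def __init__(self, signin_location, ttl=60, max_attempts=3, max_km=100.0,
                 now=time.time):
        self._now = now
        self.signin_location = signin_location   # where the login screen is
        self.expires = now() + ttl
        self.attempts_left = max_attempts
        self.max_km = max_km
        self.state = "pending"
        # Shown only on the sign-in screen; never included in the push message.
        self.display_number = f"{secrets.randbelow(100):02d}"

    def respond(self, entered, device_location):
        """Handle the authenticator app's answer and return the new state."""
        if self.state != "pending":               # single use: no replays
            return self.state
        if self._now() > self.expires:
            self.state = "expired"
        elif km_between(self.signin_location, device_location) > self.max_km:
            self.state = "denied"                 # phone is far from the login
        elif hmac.compare_digest(entered.encode(), self.display_number.encode()):
            self.state = "approved"
        else:
            self.attempts_left -= 1               # wrong number: limited retries
            if self.attempts_left == 0:
                self.state = "denied"
        return self.state

def wrong_guess(challenge):
    """A number that is guaranteed not to match (used by the demo below)."""
    return f"{(int(challenge.display_number) + 1) % 100:02d}"

if __name__ == "__main__":
    perth, sydney = (-31.95, 115.86), (-33.87, 151.21)   # constructed coordinates
    same_place = SignInChallenge(perth)
    print(same_place.respond(wrong_guess(same_place), perth))
    print(same_place.respond(same_place.display_number, perth))
    remote = SignInChallenge(sydney)
    print(remote.respond(remote.display_number, perth))
```
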